Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
WAF violation status code 403
« previous
next »
Print
Pages: [
1
]
Author
Topic: WAF violation status code 403 (Read 3271 times)
wickeren
Newbie
Posts: 10
Karma: 0
WAF violation status code 403
«
on:
May 01, 2023, 07:27:34 pm »
Is there a way to let nginx give a status code of 403 in case of violation of the NAXSI rules?
Some security scanners now can’t detect a WAF and flag that as a security issue. The cause seems to be the 200 response instead of a 403, even if the request is actually denied. Setting a custom error violation page won’t work too, cause
“Only the page content itself is used. Status code rewriting and redirection is not supported”
Any ideas how to get a 403?
Logged
wickeren
Newbie
Posts: 10
Karma: 0
Re: WAF violation status code 403
«
Reply #1 on:
May 02, 2023, 03:45:45 pm »
Ok I can see in the config:
location = /waf_denied.html {
root /usr/local/etc/nginx/views;
access_log /var/log/nginx/waf_denied.access.log main;
If i add
return 403;
it works as expected, WAF is detected fine by different security scanners.
But it's overwritten/deleted evertime I hit Aplly in the GUI.
Any way to make a permanant custom config? Or any other way to add the
return 403;
?
«
Last Edit: May 02, 2023, 04:23:35 pm by wickeren
»
Logged
wickeren
Newbie
Posts: 10
Karma: 0
Re: WAF violation status code 403
«
Reply #2 on:
May 02, 2023, 04:23:10 pm »
or even better: add a "Violation status code" setting in the gui, setting the required status code
Logged
wickeren
Newbie
Posts: 10
Karma: 0
Re: WAF violation status code 403
«
Reply #3 on:
May 08, 2023, 09:21:39 pm »
Not any idea how to return a more formal correct status 403 for WAF violation?
Unlike as in haproxy there no such thing in NGINX to do custom options?
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: WAF violation status code 403
«
Reply #4 on:
May 10, 2023, 08:24:38 pm »
looks like a reasonable idea imho
but so far I can not offer other options except for adding a
Code:
[Select]
return 403;
line to the http.conf template after
https://github.com/opnsense/plugins/blob/ec4d29100ccf3117fb68c341c8749cf1f1ba3b66/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf#L251
line.
it won't survive the plugin update
Logged
wickeren
Newbie
Posts: 10
Karma: 0
Re: WAF violation status code 403
«
Reply #5 on:
May 12, 2023, 11:17:54 pm »
Tnx! I think I can live with that for now.
What’s the best way to do suggestions to get things like this probably embedded in a next version?
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: WAF violation status code 403
«
Reply #6 on:
May 29, 2023, 08:22:15 pm »
Feature request in
https://github.com/opnsense/plugins/issues/new?assignees=&labels=&projects=&template=feature_request.md&title=
is the best option imho. so that all contributors can see the request
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
WAF violation status code 403